CNNVD-202511-370 Information

CNNVD ID

CNNVD-202511-370

CVE-2025-10853

  • CNNVD Published: 2025-11-05

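Description (translated from Chinese)

WSO2 API Manager and the other products named here are made by WSO2, a US company. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server (IS) is an identity authentication server. WSO2 Open Banking IAM is an identity and access management solution for the Open Banking sector. Several WSO2 products contain a security vulnerability caused by improper output encoding in the management console, which may lead to reflected cross-site scripting attacks. The following products are affected: WSO2 Open Banking IAM, WSO2 API Manager and WSO2 Identity Server.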

Description (English)

WSO2 API Manager and others are products of WSO2 in the United States. WSO2 API Manager is an API life-cycle management solution. WSO2 Identity Server (IS) is an identity authentication server. WSO2 Open Banking IAM is an identity and access management solution for Open Banking. Multiple WSO2 products have a security vulnerability that stems from improper output encoding in the management console and could lead to a reflected cross-site scripting attack. The following products are affected: WSO2 Open Banking IAM, WSO2 API Manager and WSO2 Identity Server.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

WSO2

Published

2025-11-05

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4486/
